Regulating Drones and Privacy: So Far, A Piecemeal Approach

Even as the use of drones, or unmanned aerial vehicles (UAVs), becomes increasingly widespread, there is currently no comprehensive framework governing 1) the use of drones in U.S. airspace and 2) the use of data captured by these drones.

Instead, drone use is currently governed by a patchwork of state statutes and federal administrative guidelines. A proposed federal bill was recently introduced by Congressional democrats, and it is likely that drones will continue to receive attention from state and federal legislators. Some notable aspects of this evolving regulatory landscape are as follows:

Federal Aviation Administration Framework

There are currently no federal privacy standards in place, however the Federal Aviation Administration released a proposed safety framework governing the commercial use of small unmanned aircraft systems (UAS, or drones). The FAA safety rules are not final, and the public comment period recently closed on April 24. The proposed safety rules have several requirements, such as requiring the operator to maintain a visual line-of-sight with the drone at all times and only allowing an operator to fly one drone at a time. These rules inevitably will frustrate some anticipated commercial uses for drones (such as Amazon’s vision of same-day delivery).

National Telecommunications and Information Administration (NTIA)

Rather than ask the FAA to address the privacy issues surrounding drones, the White House tasked the National Telecommunications and Information Administration (NTIA) with formulating best-practices for drone-related privacy, transparency, and accountability issues using a multi-stakeholder process. The purported rationale for this approach is that businesses and the public can more efficiently develop a better policy.

The NTIA is an agency within the U.S. Department of Commerce that advises the President on telecommunications and information policy issues, and lacks the authority to develop guidelines related to law enforcement or government use of drones. Given these limits, even if the NTIA does issue guidelines, states will likely continue to implement a patchwork of laws to fill these holes.

The public comment period closed on April 20, and more than 50 comments were received. One comment of note is from the Center for Digital Democracy (CDD), a consumer watchdog that takes issue with the NTIA’s oversight of the multi-stakeholder process. The CDD calls for the agency to withdraw from the process, citing its unsuccessful track record in implementing the Privacy Bill of Rights framework, its apparent conflict of interest in favor of commercial interests, and its lack of expertise. According to the CDD, the Federal Trade Commission, as the country’s lead privacy regulator, should oversee the process given its expertise and enforcement authority.

State Regulation

Last week the Florida legislature passed a bill (Freedom for Unwarranted Surveillance Act, SB 766) that permits the limited commercial use of drones, but bans surveillance of private individuals without prior consent.

The bill’s language bars

“a person, a state agency or a political subdivision from using a drone to capture an image of privately owned real property or of the owner, tenant, occupant, invitee or licensee of such property with the intent to conduct surveillance without his or her written consent if a reasonable expectation of privacy exists.”

Under the law, “a person is presumed to have a reasonable expectation of privacy on his or her privately owned real property if he or she is not observable by persons located at ground level in a place where they have a legal right to be.” Importantly, the bill allows law enforcement to use drones only with a valid warrant, or in high-risk or emergency situations.

Florida is not the first state to take action, and it will not be the last. Legislation regulating drones has been introduced in a majority of states, and nine have already adopted measures that limit the use of data collected by drones.

Drone Aircraft Privacy and Transparency Act of 2015

A bill at the federal level, designed to fill some of these gaps was recently introduced by Sen. Edward Markey (D-Mass.) and Rep. Peter Welch (D-Vt.). The Drone Aircraft Privacy and Transparency Act of 2015 include transparency requirements and limits the law enforcement use of drones, requiring either a warrant or exigent circumstances. The transparency rules include a requirement that drone operators file a data collection statement that includes the specific types of information operators collect about individuals or groups, how they will use or disclose the data, and the steps taken to protect privacy. The bill would also require that law enforcement file “data minimization statements” that describe their efforts to minimize the collection of data and information unrelated to the investigation of a crime pursuant to a warrant.

About The Author

Katherine’s practice concentrates on representing clients in litigation, with a focus on defending companies in complex privacy-related class action lawsuits. She also advises clients on compliance with federal and state privacy and security laws. Prior to joining ZwillGen, Katherine was counsel in the San Francisco office of O’Melveny & Myers LLP.